
Family Friend VPN

The year was 2017

    When I was talking to a developer, for IBM, at my brother's wedding I realized how much I REALLY knew about information security. He would talk about problems with his information security posture and I would counter with solutions. "Dude you are in the wrong field. You are smarter than you understand!". That is what he said at the reception. That was two people telling me the same thing. He was the second. The first was the voice in my head. I decided that having cybersecurity on the backburner, as a hobby, was not cutting it. I started making moves at that point, academically, to align myself professionally with security testing and research. That was only 5(ish) years ago!

    Every time you think you cannot do it.... just remember.... somebody did!

    Also, I'm not sure if I feel like dedicating work solely to the ISC2 Cybersecurity cert while already having my Sec+ while eyeing the CySA+.

  • A Buford
  • Aug, 2022

EXIF-Ooops. I'm sorry.

    As many of you have noticed the pictures in the picture galleries are now NOT automatically displayed upright. I'm sorry. Sort of. I updated my rsync script for website updating...

    exiftool -r -all= -ext jpg -ext gif -ext png [a-folder-on-my-server]/images/

    find [a-folder-on-my-server]/images/ -type f -name '*_original' -delete

    As you can see, it simply strips EXIF data from images, in image galleries, prior to update and deletes the originals. This caused the issues displayed. I may or may not work on a fix and research the gallery functionality more closely.

  • A Buford
  • Aug, 2022
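Why the galleries stopped showing pictures upright: a camera usually stores sideways pixels plus an EXIF Orientation tag (0x0112), and `-all=` removes that tag along with everything else. The following is an added example, not part of the original post or the site's scripts. It reads the tag from a JPEG so the images that need their pixels rotated before stripping can be listed first. It covers JPEG only; `sample_jpeg` and `breaks_when_stripped` are hypothetical names, and the sample bytes are constructed.

```python
import struct

ORIENTATION_TAG = 0x0112  # EXIF/TIFF Orientation; 1 means the pixels are already upright

def exif_orientation(jpeg: bytes):
    """Return the EXIF Orientation value of a JPEG, or None if it has none."""
    if jpeg[:2] != b"\xff\xd8":                 # no SOI marker: not a JPEG
        return None
    pos = 2
    while pos + 4 <= len(jpeg):
        marker = jpeg[pos + 1]
        if jpeg[pos] != 0xFF or marker in (0xDA, 0xD9):
            return None                          # lost sync, or image data reached
        (seg_len,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return _tiff_orientation(body[6:])   # APP1 segment carrying EXIF
        pos += 2 + seg_len
    return None

def _tiff_orientation(tiff: bytes):
    """Walk IFD0 of the TIFF block inside APP1 and read the Orientation SHORT."""
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return None
    e = "<" if tiff[:2] == b"II" else ">"       # II = little-endian, MM = big-endian
    magic, ifd0 = struct.unpack(e + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return None
    (count,) = struct.unpack(e + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) < 12:
            return None                          # truncated directory
        tag, typ, n = struct.unpack(e + "HHI", entry[:8])
        if tag == ORIENTATION_TAG and typ == 3 and n == 1:
            return struct.unpack(e + "H", entry[8:10])[0]
    return None

def breaks_when_stripped(jpeg: bytes) -> bool:  # hypothetical helper name
    return exif_orientation(jpeg) not in (None, 1)

def sample_jpeg(orientation=None, e="<"):       # constructed input, not a real photo
    tail = b"\xff\xda\x00\x02\xff\xd9"
    if orientation is None:
        return b"\xff\xd8" + tail
    tiff = (b"II" if e == "<" else b"MM") + struct.pack(e + "HIH", 42, 8, 1)
    tiff += struct.pack(e + "HHIHHI", ORIENTATION_TAG, 3, 1, orientation, 0, 0)
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + tail
```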

Thank you Pi-Hole

    You keep the ads at bay and phoning home to a minimum. Pi-Hole is one of the most beneficial, and most utilized, pieces of software on my SOHO LAN.

  • A Buford
  • Aug, 2022

Home Assistant Object detection automation update

    I decided to limit the lighting automation, on the front doorway, to after sunset because it only makes more sense. I need to save electricity!

    alias: Frigate (Front doorway light on person dectect)
    description: ""
    trigger:
      - platform: mqtt
        topic: frigate/events
        payload: "on"
        value_template: >-
          {{ "on" if value_json["type"] == "new" and value_json["before"]["camera"]
          == "front_door_cam_fri" and value_json["before"]["label"] == "person" else
          "off"}}
    condition:
      - condition: sun
        after: sunset
    action:
      - type: turn_on
        device_id: 1ac8dbe1de45515de0cb274ec116b916
        entity_id: light.front_doorway_light
        domain: light
    mode: single
    

    Lights shouldn't be needed until after sunset. Right?

  • A Buford
  • Aug, 2022

Nessus {Essentials} Vulnerability Scanning

    I took some time over the weekend to once again use Nessus and see what the offerings were. Similar to my initial learning with Burp Suite I'm currently limited to a learner's/student edition of the scanner. This isn't my first Nessus Rodeo. I set up an Ubuntu Server virtual machine using qemu/kvm. Next I installed Nessus with an education license and proceeded to port 8834, at the VM IP address, to access the Nessus web UI and configuration wizard.

    Installation is as easy as downloading the most recent .deb package, then: sudo dpkg -i Nessus-10.3.0-ubuntu1404_amd64.deb && sudo /bin/systemctl start nessusd.service

    The advanced scan will satisfy most individuals looking to get familiar with Nessus from my experience. It is a great way to categorize and prioritize potential risks. Verify a finding as intended functionality and/or false-positive.

    May I scan you free of charge? Small businesses, I'm serious.

  • A Buford
  • Aug, 2022

Evil doesn't sleep. Knock.Knock.

    Passwordless authentication for-the-win. While we sleep, eat, work, and do everything else there may be a system knocking at your front door a hundred times a second. SSH and password authentication can easily turn into an attacker's foothold with a little dedication and a large enough wordlist.

    That is all. For now.

  • A Buford
  • Aug, 2022

A new page & SOQL+Apex+SFDC>CySA+

    The previous page is now indexed at #8.

    I have to take a break on starting with the CySA+ studying. I need to focus a little more on some Salesforce platform items for the next few weeks. I may or may not be able to post between now and then. 😔

    Also! Don't forget. New page banner added.

    The old banners can be viewed with a little URL tampering. Try it out! Be brave! Warning: Rate-limits do exist.

  • A. Buford
  • Aug, 2022